View Full Version : [Guess] Will Pwnage/WinPwn work on 3G iPhone?


DJ McG
06-19-2008, 06:38 AM
Well I was wondering who thinks PWNAGE/WINPWN will work with the new 3G iPhone and the new bootloader. So I figured I would ask. I don't think it will because I think Apple found the loophole the dev team exploited and fixed it up. So I just wanted an opinion from the experts. ;D

DJ McG
06-19-2008, 06:40 AM
And I figured this would go here not in the PWNAGE section because it's about the 3G iPhone more and less about PWNAGE.

shadman248
06-19-2008, 01:38 PM
Bloody stupid people saying it's not gonna work.
To them: shut up.
They will update and it's gonna work. The dev team rocks.

ChronicProductions
06-19-2008, 01:59 PM
For the iPhone1, the general rule is that Pwnage will always work, so 2.0 will be Pwned.

On the flipside, for the iPhone 3G, nobody knows if it will work. Nobody knows if anything will work until the device is released.

jav6454
06-19-2008, 07:22 PM
Well I was wondering who thinks PWNAGE/WINPWN will work with the new 3G iPhone and the new bootloader. So I figured I would ask. I don't think it will because I think Apple found the loophole the dev team exploited and fixed it up. So I just wanted an opinion from the experts. ;D

It depends. If the new 3G iPhone has the same Apple2NorAccess exploit, then WinPwn and Pwnage will work.

However, if the Bootloader has changes, Pwnage/WinPwn will not be automatically [as BootNeuter will have to be rewritten] useful as the code for these programs must be rewritten to account for the differences in bootloaders.

If the Apple2NorAccess bug is fixed, well, that's pretty much game over, because that's the main exploit WinPwn/Pwnage uses to do its magic.

On the other hand, 2.0 shows no signs of the RAM Disk image exploit found in 1.1.4/1.1.3.

I may be wrong or not. But that's to my understanding how WinPwn/Pwnage and BootNeuter do their job, and how they might be affected.

abc12345
06-20-2008, 12:52 AM
NO, because they have a different bootloader.
But 3G will be hacked earlier than the 4.6 bootloaders.

Fab1Man
06-20-2008, 03:13 AM
It won't work. Apple will definitely close the PWNAGE exploit. The PWN process won't be possible, so a custom firmware won't work. The jailbreaking will work, but not with PWNAGE, because your 3G iPhone won't let you use custom (unsigned) firmwares.

LiTos
06-20-2008, 03:31 AM
There's no such thing as hardware/software without holes. Trust me, it will be hacked within a month after release, just not with the current hacking tools.

angelwolf71885
06-20-2008, 03:54 AM
Well I was wondering who thinks PWNAGE/WINPWN will work with the new 3G iPhone and the new bootloader. So I figured I would ask. I don't think it will because I think Apple found the loophole the dev team exploited and fixed it up. So I just wanted an opinion from the experts. ;D


They said it would take a HW update to correct the problem...

And unless Apple updated the flash chip that the BL is stored on,

then more than likely pwnage will work... with an update for that BL...


And given that Apple changed as little HW as possible to make sure the 2.0 is compatible with both the first gen and second gen iPhone,

it is pretty unlikely that they changed the flash chip the BL is stored on...

DJ McG
06-20-2008, 05:58 AM
Thanks for all of the information. I guess it could be anything. But, like you guys said, we won't know until it's released.

dtube
06-20-2008, 06:57 AM
Someone will have to sacrifice some phones to take a dump of the 3G bootloader (if ultimately that's what's needed). It was done before with the 1G and that gave us the breakthrough with 1G 4.6BL.
If memory serves, TA_Mobile had to sacrifice 6 iphones before he got the complete dump.

angelwolf71885
06-20-2008, 07:29 AM
Someone will have to sacrifice some phones to take a dump of the 3G bootloader (if ultimately that's what's needed). It was done before with the 1G and that gave us the breakthrough with 1G 4.6BL.
If memory serves, TA_Mobile had to sacrifice 6 iphones before he got the complete dump.

Ouch... that's an expensive investment to the case...

did apple care replace the phone each time?


In fact, any insight that can be given on the follies and fun of the 1G iPhone hacking,

without giving Apple too many clues... bc I'm sure they frequent this forum...

would be a fun read :D

Couldn't you have just extracted it and decompiled it from the IPSW?

planetbeing
06-20-2008, 04:20 PM
It depends. If the new 3G iPhone has the same Apple2NorAccess exploit, then WinPwn and Pwnage will work.

However, if the Bootloader has changes, Pwnage/WinPwn will not be automatically [as BootNeuter will have to be rewritten] useful as the code for these programs must be rewritten to account for the differences in bootloaders.

If the Apple2NorAccess bug is fixed, well, thats pretty much game over, because thats the main exploit WinPwn/Pwnage uses to do its magic.

On the other hand, 2.0 shows no signs of the RAM Disk image exploit found in 1.1.4/1.1.3.

I may be wrong or not. But thats to my understanding how WinPwn/Pwnage and BootNeuter do their job, and how they might be affected.

It seems to me that people still don't really know how pwnage works. "Apple2NorAccess exploit" is not an exploit, it's just the way the system works. It's a payload. It's like calling the jailbreak the "Installer.app exploit".

Pwnage means patching the boot chain in the NOR to allow unsigned stuff to run, like unsigned IPSWs. The first thing the ROM does is pass control to something on the NOR (without checking it for signatures). Once we rewrite the NOR (like we can now), then there's really nothing Apple can do: They can't rewrite ROM.

How can we rewrite the NOR in the first place though? Through the ramdisk exploit. But the advantage of pwnage is that even after the ramdisk exploit is closed, because we have gained control of the NOR, we will be able to jailbreak new updates easily.

However, if you buy a new phone without the ramdisk exploit, and with something that prevents you from downgrading to a version that does have the ramdisk exploit, there's no way for us to get at NOR in the first place and pwnage will not work. In that case, a new exploit will have to be found to let us write to NOR. Of course, on entirely new hardware, it's possible that they will have ROM do a signature check as well, in which case we may be slightly screwed (in terms of pwnage anyway).

In essence: First generation iPhone users who want to upgrade to firmware 2.0: You're still golden, of course.

iPhone 3G purchasers: Stay tuned.
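A toy model of the boot chain planetbeing describes (ROM hands off to NOR, NOR checks the firmware it loads), added here as an example; it is not code from the dev team or from Apple, and the HMAC "signature", key, stage names and payloads are constructed stand-ins. It shows why a ROM that does not verify NOR makes a rewritten NOR the effective root of trust, and why a ROM that does verify NOR changes the picture.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the vendor signing key; the real key is not public.
SIGNING_KEY = b"constructed-vendor-key"

def sign(payload: bytes) -> bytes:
    """HMAC tag standing in for the vendor's signature over a stage image."""
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()

@dataclass
class Stage:
    name: str
    payload: bytes
    tag: bytes
    verifies_next: bool  # does this stage check the signature of what it loads?

def make_stage(name: str, payload: bytes, verifies_next: bool, signed: bool) -> Stage:
    tag = sign(payload) if signed else b"\0" * 32  # unsigned image carries a bogus tag
    return Stage(name, payload, tag, verifies_next)

def boot(chain: list) -> tuple:
    """Walk ROM -> NOR -> IPSW; each stage that verifies checks the next one's tag."""
    for cur, nxt in zip(chain, chain[1:]):
        if cur.verifies_next and not hmac.compare_digest(sign(nxt.payload), nxt.tag):
            return False, f"{cur.name} rejected unsigned {nxt.name}"
    return True, f"booted {chain[-1].name}"

def scenario(rom_checks_nor: bool, nor_patched: bool, firmware_signed: bool) -> tuple:
    """Compose a chain for one of the cases discussed in the thread and boot it."""
    # ROM is immutable; whether it checks NOR is a hardware decision modelled as a flag.
    rom = make_stage("ROM", b"bootrom", verifies_next=rom_checks_nor, signed=True)
    # A "pwned" NOR is one the owner rewrote to stop checking signatures;
    # having been rewritten, it no longer carries a valid vendor tag either.
    nor = make_stage("NOR", b"iboot-patched" if nor_patched else b"iboot",
                     verifies_next=not nor_patched, signed=not nor_patched)
    fw = make_stage("IPSW", b"apple-fw" if firmware_signed else b"custom-fw",
                    verifies_next=False, signed=firmware_signed)
    return boot([rom, nor, fw])

if __name__ == "__main__":
    print(scenario(False, False, True))   # stock phone, stock firmware
    print(scenario(False, False, False))  # stock NOR refuses a custom IPSW
    print(scenario(False, True, False))   # patched NOR, ROM does not check it
    print(scenario(True, True, False))    # ROM that checks NOR rejects the patch
```

The last two cases are the two futures the post lays out: with an unchecked NOR a patched bootloader accepts unsigned firmware on every later update, while a ROM that verifies NOR refuses the patched image before anything else runs.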

tigres
06-21-2008, 08:34 PM
It seems to me that people still don't really know how pwnage works. "Apple2NorAccess exploit" is not an exploit, it's just the way the system works. It's a payload. It's like calling the jailbreak the "Installer.app exploit".

Pwnage means patching the boot chain in the NOR to allow unsigned stuff to run, like unsigned IPSWs. The first thing the ROM does is pass control to something on the NOR (without checking it for signatures). Once we rewrite the NOR (like we can now), then there's really nothing Apple can do: They can't rewrite ROM.

How can we rewrite the NOR in the first place though? Through the ramdisk exploit. But the advantage of pwnage is that even after the ramdisk exploit is closed, because we have gained control of the NOR, we will be able to jailbreak new updates easily.

However, if you buy a new phone without the ramdisk exploit, and with something that prevents you from downgrading to a version that does have the ramdisk exploit, there's no way for us to get at NOR in the first place and pwnage will not work. In that case, a new exploit will have to be found to let us write to NOR. Of course, on entirely new hardware, it's possible that they will have ROM do a signature check as well, in which case we may be slightly screwed (in terms of pwnage anyway).

In essence: First generation iPhone users who want to upgrade to firmware 2.0: You're still golden, of course.

iPhone 3G purchasers: Stay tuned.

Now I call that a pretty clear explanation. Thanks for the details :)

ChronicProductions
06-21-2008, 11:05 PM
planetbeing, I believe it is thought of in general as an exploit because although it may be a feature, it is exploited to allow writing to the NOR.

jav6454
06-22-2008, 12:26 AM
It seems to me that people still don't really know how pwnage works. "Apple2NorAccess exploit" is not an exploit, it's just the way the system works. It's a payload. It's like calling the jailbreak the "Installer.app exploit".

Pwnage means patching the boot chain in the NOR to allow unsigned stuff to run, like unsigned IPSWs. The first thing the ROM does is pass control to something on the NOR (without checking it for signatures). Once we rewrite the NOR (like we can now), then there's really nothing Apple can do: They can't rewrite ROM.

How can we rewrite the NOR in the first place though? Through the ramdisk exploit. But the advantage of pwnage is that even after the ramdisk exploit is closed, because we have gained control of the NOR, we will be able to jailbreak new updates easily.

However, if you buy a new phone without the ramdisk exploit, and with something that prevents you from downgrading to a version that does have the ramdisk exploit, there's no way for us to get at NOR in the first place and pwnage will not work. In that case, a new exploit will have to be found to let us write to NOR. Of course, on entirely new hardware, it's possible that they will have ROM do a signature check as well, in which case we may be slightly screwed (in terms of pwnage anyway).

In essence: First generation iPhone users who want to upgrade to firmware 2.0: You're still golden, of course.

iPhone 3G purchasers: Stay tuned.

Well, like Chronic said, I understand AppleImage2NorAccess as an exploit because basically that's the feature being exploited to change the NOR.

Also, thanks for that info, as I had some questions, but they are now all cleared.

Now as to the whole process, I knew that for the first time for Pwnage to work, you need a ramdisk exploit. It's just the NOR/ROM part that confused me, but that was cleared :) thanks again.

And yes, I know that with new hardware, things will definitely change.

More reason for me not to sell my iPhone and keep it, until a Pwnage-like solution is found for 3G, and even then I won't sell as my current iPhone does everything I need. [except GPS] On the money side, I won't shell out $10 more on data if AT&T at least won't add 200 text messages to that.

tigres
06-22-2008, 02:22 AM
Well, like Chronic said, I understand AppleImage2NorAccess as an exploit because basically that's the feature being exploited to change the NOR.

Also, thanks for that info, as I had some questions, but they are now all cleared.

Now as to the whole process, I knew that for the first time for Pwnage to work, you need a ramdisk exploit. It's just the NOR/ROM part that confused me, but that was cleared :) thanks again.

And yes, I know that with new hardware, things will definitely change.

More reason for me not to sell my iPhone and keep it, until a Pwnage-like solution is found for 3G, and even then I won't sell as my current iPhone does everything I need. [except GPS] On the money side, I won't shell out $10 more on data if AT&T at least won't add 200 text messages to that.

+1 x2.

AT&T can kiss my a$$, keeping my first Gen.

DJ McG
06-23-2008, 08:38 PM
Well, I might sell my first gen for around $400, then buy a 3G and still have $200 left over, and maybe buy a first gen; that way I have both. And if the 3G is jailbroken then I won't need to buy another first gen. I really only care about Customize and SummerBoard and the few apps Apple won't allow on the App Store.

Mullarkey
06-27-2008, 05:40 AM
In essence: First generation iPhone users who want to upgrade to firmware 2.0: You're still golden, of course.



A first gen phone that has been pwned, will this most likely mean that firmware 2.0 could be loaded from itunes upon release or would it need to be customised via Pwnage?

DJ McG
06-27-2008, 07:33 AM
Pwnage would probably need an update like with each new beta and would need to be customized via pwnage then installed on the iPhone.